Description
A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via operating system command injection.
Published: 2026-05-20
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A command injection vulnerability in HP Linux Imaging and Printing Software enables an attacker to execute arbitrary system commands. The flaw, classified as CWE-77 and CWE-78, can allow a malicious user to run commands with the privileges of the imaging service, potentially escalating to root and gaining full system control. The vulnerability is specifically identified as a potential escalation of privileges and/or arbitrary code execution via operating system command injection.

Affected Systems

The HP Linux Imaging and Printing Software product distributed by HP Inc. on Linux platforms is affected. No specific version information is disclosed, so all deployed instances should be examined for this risk.

Risk and Exploitability

The vulnerability scores a CVSS of 8.5, indicating high severity. EPSS score of < 1% indicates a very low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred as command injection through the imaging service, which could be local or remote depending on how the service is exposed. The high CVSS score combined with the potential for arbitrary code execution represents a serious risk if exploited.

Generated by OpenCVE AI on May 22, 2026 at 01:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the HP Linux Imaging and Printing Software to the latest version that contains the command injection fix as released by HP.
  • When no update is immediately available, reconfigure the imaging service to run under a dedicated low‑privilege user account and disable any ability to launch arbitrary system commands.
  • Enable audit logging for the imaging service and monitor logs for unexpected command executions, applying strict alerting on suspicious activity.
  • Implement SELinux or AppArmor confinement policies for the imaging service to restrict its access to privileged commands and files.

Generated by OpenCVE AI on May 22, 2026 at 01:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 22 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-78
References
Metrics threat_severity

None

 threat_severity

Important

Thu, 21 May 2026 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:hp:linux_imaging_and_printing:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Thu, 21 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 21 May 2026 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Hp
Hp linux Imaging And Printing
Vendors & Products Hp
Hp linux Imaging And Printing

Wed, 20 May 2026 21:00:00 +0000

Type Values Removed Values Added
Description A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via operating system command injection.
Title HP Linux Imaging and Printing Software – Potential Escalation of Privilege and Arbitrary Code Execution
First Time appeared Hp Inc
Hp Inc hp Linux Imaging And Printing Software
Weaknesses CWE-77
CPEs cpe:2.3:a:hp_inc:hp_linux_imaging_and_printing_software:*:*:linux:*:*:*:*:*
Vendors & Products Hp Inc
Hp Inc hp Linux Imaging And Printing Software
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Hp Linux Imaging And Printing
Hp Inc Hp Linux Imaging And Printing Software
cve-icon MITRE

Status: PUBLISHED

Assigner: hp

Published:

Updated: 2026-05-21T13:03:10.536Z

Reserved: 2026-05-14T18:58:14.958Z

Link: CVE-2026-8632

cve-icon Vulnrichment

Updated: 2026-05-21T13:03:07.897Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-20T21:16:18.233

Modified: 2026-05-21T18:58:59.447

Link: CVE-2026-8632

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-20T20:14:36Z

Links: CVE-2026-8632 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-22T02:00:13Z

Weaknesses
  • CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')

  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')